Abstract:
A multiprotocol transport network (MPTN) gateway provides transparent interconnection of two or more SPTNs running different transport layer protocols to form an integrated heterogeneous MPTN. The MPTN gateway of the present invention has no dependencies on the particular transport protocols running on the SPTNs being interconnected as it utilizes a common transport provider (a Gateway Services Protocol Boundary (GSPB)) between the SPTN transport protocols and the gateway components. The MPTN gateway supports connections between end systems across multiple intermediate networks. The MPTN gateway provides automatic routing based on dynamic participation in the routing protocols of the interconnected SPTNs so that any number of gateways may be interconnected and in any topology desired. As the MPTN gateway has a general architecture and acquires routing information automatically, it supports not only other MPTN nodes and gateways but also non-MPTN nodes and gateways.
Abstract:
A Transport Layer Protocol Boundary (TLPB) architecture is described which will permit an application program to run over a non-native transport protocol without first generating a protocol compensation package tailored to the transport protocols assumed by the program's application programming interface and by the available transport provider. All transport functions required by the program are converted to standardized or TLPB representations. When a connection between the first application program and a second remote application is requested, the individual required TLPB transport functions are compared to corresponding functions supported by the transport provider. Compensations are invoked only where there is a mismatch. The node on which the remote application program runs is informed of the compensations so that necessary de-compensation operations can be performed before the data is delivered to the remote application program.
Abstract:
A method, a secure device, a system and a computer program product for securely managing user access to a file system. The method includes: providing a secure device, where the secure device is protected by design against malicious software or malware and adapted to establish a connection to a server through a telecommunication network; establishing a connection between the secure device and the server; receiving at the secure device, through the established connection, data pertaining to a file system identifying files which are at least partly stored outside the secure device; and exposing at the secure device the file system to a user, based on the data received from the server, the file system being navigable by the user.
Abstract:
A mechanism is provided for secure PIN management of a user trusted device. A user trusted device detects a memory card coupled to the user trusted device. The user trusted device receives user input of an external PIN (ext_PIN). The user trusted device identifies a key (K) associated with the external PIN, wherein the key is stored in the persistent memory. The user trusted device computes a card PIN (card_PIN) using a function (f) and the key as stored on the persistent memory, wherein the card PIN is computed using the following equation: card_PIN=f(K, ext_PIN). The user trusted device unlocks the memory card using the card PIN, thereby forming an unlocked memory card.
Abstract:
A security device (6) is provided for facilitating management of secret data items such as cryptographic keys which are used by a remote server (2) to authenticate operations of the server (2). The device (6) has a user interface (13), control logic (16) and a computer interface (11) for connecting the device (6) to a local user computer (5) for communication with the remote server (2) via a data communications network (3). The control logic is adapted to establish via the user computer (5) a mutually-authenticated connection for encrypted end-to-end communications between the device (6) and server (2). In a backup operation, the secret data items are received from the server (2) via this connection. The control logic interacts with the user via the user interface (13) to obtain user authorization to back up secret data items and, in response, stores the secret data items in memory (10). To restore secret data items to the server, the control logic interacts with the user via the user interface (13) to obtain user authorization to restore secret data items and, in response, sends the secret data items to the server (2) via said connection.
Abstract:
A system for interconnecting widely separated local area networks (LANs) by means of a wide area network (WAN) utilizes network level facilities to establish a connection through the wide area network and to create connection table entries at the WAN access point which allow subsequent data frames to be transmitted through the wide area network without such network level operations. More particularly, the various LANs are combined into search groups, represented by address prefixes, to which LAN-initiated connection requests can be broadcast and which can respond so as to establish the data path connections. This system has the connection flexibility of a prior art router and, at the same time, the low overhead of a prior art bridge.